Passwork.me (Team Password Manager For Business) has investigated a security issue with VPNFilter.
Security researchers from the Cisco Talos group published detailed information on the VPNFilter malware, which infected over 500 thousand routers in at least 54 countries, allowing the actors to spy on users and carry out cyberattacks.
The malware was originally thought to target routers and networking devices from such vendors as Linksys, MikroTik, NETGEAR, and TP-Link, but a deeper analysis showed that VPNFilter is also able to infect devices produced by ASUS, D-Link, Huawei, Ubiquiti, QNAP, UPVEL, and ZTE.
To compromise devices, the malware uses publicly known vulnerabilities as well as default credentials.
In addition, the researchers provided technical details on a module named “ssler”, an improved network sniffer that allows attackers to intercept traffic and deliver exploits via a man-in-the-middle (MitM) attack.
This module also allows the malware to persist on the device, even after a reboot.
Moreover, VPNFilter has destructive functions (the “dstr” module) that can render the infected device inoperable by deleting files needed for its normal operation.